LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
Reload this Page SSLProtocol: Illegal protocol 'TLSv1.2'
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 03-14-2016, 10:25 PM   #1
Rtoogee
LQ Newbie
 
Registered: Mar 2016
Posts: 2

Rep: Reputation: Disabled
SSLProtocol: Illegal protocol 'TLSv1.2'

Hi,
I use
- Red Hat Enterprise Linux Server release 6.4 (Santiago)
- Apache/2.4.17 (Unix)
- OpenSSL 1.0.0-fips 29 Mar 2010

I want to enable TLSv1.2, so i did upgrade OpenSLL into OpenSSL 1.0.1e-fips 11 Feb 2013

And then change /usr/local/apache2/conf/extra/httpd-ssl.conf with this command:
#SSLProtocol all -SSLv3
#SSLProxyProtocol all -SSLv3
SSLProtocol -all +TLSv1.2
SSLProxyProtocol -all +TLSv1.2

But when i did restart httpd there is error:
restart httpd : AH00526: Syntax error on line 83 of /usr/local/apache2/conf/extra/httpd-ssl.conf:
SSLProtocol: Illegal protocol 'TLSv1.2'

Please help me how to solve this issue.
IMO, Apache/2.4.17 (Unix) and penSSL 1.0.1e-fips 11 Feb 2013
already support TLSv1.2

Thank You
 
Old 03-16-2016, 02:01 AM   #2
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,165
Blog Entries: 1

Rep: Reputation: 2032Reputation: 2032Reputation: 2032Reputation: 2032Reputation: 2032Reputation: 2032Reputation: 2032Reputation: 2032Reputation: 2032Reputation: 2032Reputation: 2032
Hi,

You don't give more details, but I guess you've compiled apache from sources (because it's installed in /usr/local/apache2) and you did the same for openssl- 1.0.1e
If that's the case, then apache used the header/library files from the default openSSL 1.0.0 when compiling, that's why it doesn't support TLSv1.2
You should recompile apache using:
Code:
make distclean
export CPPFLAGS=-I/path/to/openSSL-1.0.1e/include
export LDFLAGS=-L/path/to/openSSL-1.0.1e/lib
./configure ...
Regards
Last edited by bathory; 03-16-2016 at 03:34 AM.
 
1 members found this post helpful.
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Disabling TLSv1.0 on postfix = ~25% of mails not received psycroptic Linux - Server 1 02-15-2016 07:37 AM
How to disable TLSv1.0/TLSv1.1 and CBC ciphers in Redhat surroor Red Hat 2 12-03-2015 04:44 PM
LXer: TCP/IP Protocol: Network Time Protocol (NTP) LXer Syndicated Linux News 0 11-21-2013 12:00 AM
LXer: Tutorial: Border Gateway Protocol, The Routing Protocol of the Internet LXer Syndicated Linux News 0 11-13-2008 05:11 AM
Unsupported protocol 'Compression Control Protocol' (0x80fd) received RKris Linux - Software 0 08-21-2002 08:24 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 10:35 AM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration